Home > Technical & Creative Skills > Programming, Servers & Scripts

Bot Trap Cookie Based? (7)

05-19-2017 07:09 AM #1 sergioska (Member)
Bot Trap Cookie Based?

Hi

I'm new on STM and i'm learning about mobile marketing.

Reading @caurmen tutorial about bot test i have tried to implement a bot detection cookie based.

My idea is based on principle that browser can saves cookies, but bot no (if it's doesn't been implements to work with cookies ...)


Code:
<script type="text/javascript">


// Set cookie.
function setCookie(name, value, expires, path, domain, secure) {
  document.cookie = name + "=" + escape(value) +
    ((expires) ? "; expires=" + expires : "") +
    ((path) ? "; path=" + path : "") +
    ((domain) ? "; domain=" + domain : "") +
    ((secure) ? "; secure" : "");
}


// Get cookie.
function getCookie(name) {
  var cookie = " " + document.cookie;
  var search = " " + name + "=";
  var setStr = null;
  var offset = 0;
  var end = 0;
  if (cookie.length > 0) {
    offset = cookie.indexOf(search);
    if (offset != -1) {
      offset += search.length;
      end = cookie.indexOf(";", offset)
      if (end == -1) {
        end = cookie.length;
      }
      setStr = unescape(cookie.substring(offset, end));
    }
  }
  return(setStr);
}


// Delete cookie.
function delCookie(name) {
  document.cookie = name + "=" + "; expires=Thu, 01 Jan 1970 00:00:01 GMT";
}


// Set cookie for 1 hour:
date = new Date();
date.setHours(date.getHours() + 1);
setCookie('i_m_a_bro', 'yes', date.toUTCString());


function redir() {
    var cookieCheck = getCookie('i_m_a_bro');
    if (cookieCheck == 'yes') {
        delCookie('i_m_a_bro');
        window.location.replace('REPLACE_URL');
    }
    else
        alert ("YOU ARE A FUCKING BOT!");
}
</script>
</head>
<body onload="setTimeout(redir(), 300);">


</body>
What do you think about this?

05-19-2017 07:18 AM #2 lafftar (Member)

Can you explain what this does man?

05-19-2017 08:27 AM #3 lex_g_ (Member)

There is a thread about bot catching by means of cookies here : http://stackoverflow.com/questions/1...tilize-cookies

Simply said, bots can be coded to deal with cookies (ofcourse). Not all bots will be doing this (depending on their mission), so you might filter out those ones. However, In my experience, you'll get the best results by utilizing multiple filtering strategies Besides that, bots will be bots. In the end it's your marketing results that count.

05-19-2017 09:38 AM #4 sergioska (Member)

Quote Originally Posted by lafftar View Post
Can you explain what this does man?
Sorry @lafftar you are right.

The principal is very simple.

1) On page load javascript code set a cookie with name i_m_a_bro, value 'yes' and one hour as duration.

2) On dom body load there is a timeout of 300 ms. After that start redir function (very simple bot will doesn't enter here ...)

3) in redir function only those who have a valid cookie (browsers) will can be redirect, while others (bot without cookie management) go to else part (remove alert in production environment)

I hope that i have been clear. If not please let me know.

05-19-2017 09:41 AM #5 sergioska (Member)

Quote Originally Posted by lex_g_ View Post
There is a thread about bot catching by means of cookies here : http://stackoverflow.com/questions/1...tilize-cookies

Simply said, bots can be coded to deal with cookies (ofcourse). Not all bots will be doing this (depending on their mission), so you might filter out those ones. However, In my experience, you'll get the best results by utilizing multiple filtering strategies Besides that, bots will be bots. In the end it's your marketing results that count.
You are right @lex_g_
It's only another trap that can filters another type of bots.

05-19-2017 10:04 AM #6 jessejames (Member)

I think it's good, but most trackers already set cookies, so I think you can do it simpler without having to set your own cookies in JS. You can check for the tracker cookies quite easily I assume. Also you can look for other traits of bots, i.e. window orientation etc, and only redirect the ones you want to send to the campaign. The non bots will "click through" in your tracker, while the rest won't and you can then filter down on placement, device, os etc.

I think this will take care of simple bots, most bots ...

05-19-2017 10:38 AM #7 caurmen (Administrator)

Good approach! I like it.

If you really want to catch a lotta lotta bots, I'd recommend layering one or two other bot-spotting techniques on too. The simplest one is probably the hidden link: add a second link to your real lander (or you could even add a link to your redirect lander) that's hidden from human users, and mark as a bot anything that clicks through it.

How to hide the link? There are multiple ways: I like the "almost the same colour as the background" approach, but you can also absolutely position off-screen, use z-depth to put it behind something else, and so on.

It's also worth looking for inconsistent useragents, obvious datacenter referrers (yeah, I don't believe that Digital Ocean's staff are that interested in my eCommerce offer), and similar tells, but that starts to get into multi-layered detection which takes more time.

Home > Technical & Creative Skills > Programming, Servers & Scripts